This alert gets triggered when multiple buckets are deleted in a short period by a single user. Note - In this alert, the threshold is set to more than 5 buckets deleted within 15 minutes timeframe. Impact A potential threat actor might intentionally erase a storage bucket to disrupt the business operations of their target. The impact would be - data loss, operation interruption, database downtime, etc. Mitigation System or network administrators can delete storage buckets. Confirm whether the user email, resource name, and/or hostname align with authorized entities for making changes in your environment. For critical data buckets, it is recommended to take the daily data backup. MITRE Tactic: TA0040 MITRE Technique: T1485